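<?php
// Access gate for the admin settings page. A request is let through only when
// the session carries a user name and a password hash, that hash matches the
// value returned by check() for the user, and the session role is
// 'Administrator'. Every rejection is recorded through log_write().
session_start();
include('../functions.php');

// Read the session defensively: a missing key must be rejected before any
// comparison is made, otherwise an absent value can loosely equal an
// empty/false result from check().
$sessionUser = isset($_SESSION["user"]) ? $_SESSION["user"] : null;
$sessionPass = isset($_SESSION["pass"]) ? $_SESSION["pass"] : null;

if (!is_string($sessionUser) || !is_string($sessionPass) || $sessionPass === '') {
    log_write('user', 'Possible hack attempt detected', 'No password specified for user: '.(is_string($sessionUser) ? $sessionUser : ''));
    die('HACK ATTEMPT: This attempted hack has been logged along with your IP');
}

// NOTE(review): check() is defined outside this file; it is assumed to return
// the stored password hash for the user as a string - confirm. Any non-string
// or empty result is treated as "no such account" and rejected.
$storedHash = check($sessionUser);

// hash_equals() (PHP 5.6+) compares in constant time and never type-juggles,
// unlike `!=`, which treats numeric-looking strings such as "0e1" and "0e2"
// as equal.
if (!is_string($storedHash) || $storedHash === '' || !hash_equals($storedHash, $sessionPass)) {
    log_write('user', 'Possible hack attempt detected', 'Incorrect password specified for user');
    die('HACK ATTEMPT: This attempted hack has been logged along with your IP');
}

// Role check: strict comparison, and an absent role counts as "not an admin".
if (!isset($_SESSION["power"]) || $_SESSION["power"] !== 'Administrator') {
    log_write('admin', $sessionUser.' has attempted to access the Admin area', 'Security Breach');
    header("Location: /");
    exit;
}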
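// Settings update handler.
//
// Flow:
//   * no password posted  -> show the settings form;
//   * wrong password      -> re-show a confirmation form carrying the posted
//                            values as hidden fields;
//   * correct password    -> regenerate config.php from the posted flags.
//
// config.php is PHP source that the application later includes, so every value
// interpolated into it is executed as code. The six flags are therefore
// restricted to the literals 'true' and 'false' before the file is written.
$settingNames = array('del', 'edit', 'rename', 'copy', 'move', 'upload');

// Only a non-empty string counts as a submitted password (an array-valued
// field would otherwise reach md5() and fail there).
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if ($password !== '') {
    $adminUser = (isset($_SESSION['user']) && is_string($_SESSION['user'])) ? $_SESSION['user'] : '';

    // NOTE(review): check() is defined outside this file; assumed to return the
    // stored hash as a string - confirm.
    $storedHash = check($adminUser);

    // NOTE(review): crypt(md5(password), md5(user)) is a weak scheme (fast
    // hash, salt derived from the user name). It is kept here only because the
    // stored hashes are produced elsewhere in the same format; migrating to
    // password_hash()/password_verify() has to be done across the project.
    $candidate = crypt(md5($password), md5($adminUser));

    // Constant-time, type-strict comparison (hash_equals, PHP 5.6+) instead of
    // `==`, which type-juggles numeric-looking strings.
    if (is_string($storedHash) && $storedHash !== '' && is_string($candidate) && hash_equals($storedHash, $candidate)) {
        // Allow-list the flags. Anything other than the two literals is
        // rejected before the config file is touched, so request data can
        // never become PHP code in config.php and a missing field can no
        // longer produce a syntactically broken config.
        $flags = array();
        foreach ($settingNames as $name) {
            $raw = isset($_POST[$name]) ? $_POST[$name] : null;
            if ($raw !== 'true' && $raw !== 'false') {
                die('Invalid value supplied for setting: '.$name);
            }
            $flags[$name] = $raw;
        }

        // The direct-access guard in the generated file uses stripos(): the
        // eregi() call it replaces was removed in PHP 7 and would make the
        // generated config.php fail on load.
        $somecontent = '<?php
if(stripos($_SERVER[\'REQUEST_URI\'], basename(__FILE__)) !== false) { die(\'Unauthorized Access Attempt\'); }
//--
// Config file settings
//--
//
//note: ture = on, false = off.
//
$show = true; // users can view the files in a file viewer
$del = '.$flags['del'].'; // users can delete files
$edit = '.$flags['edit'].'; // users can edit files
$rename = '.$flags['rename'].'; // users can rename files
$copy = '.$flags['copy'].'; // users can copy files
$move = '.$flags['move'].'; // users can move files
$upload = '.$flags['upload'].'; // users can upload files

//-- Admin settings --
include(\'includes/admin.php\');

//-- [END] --

//---[DO NOT EDIT BEOND THIS POINT]---
$debug = true;
?>';
        $file = ROOT_PATH.'config.php';

        // The write failure is handled explicitly below; the warning is
        // suppressed so the filesystem path is not echoed into the page.
        // LOCK_EX keeps concurrent requests from interleaving their writes.
        // (The original called dir() here - a typo for die() - and went on to
        // fwrite() on a failed handle.)
        if (@file_put_contents($file, $somecontent, LOCK_EX) === false) {
            die('Failed to make file.. Please refresh');
        }
        echo '<fieldset><legend>User Account Settings</legend>The user account settings have been updated and will take effect on all users with the User privileges immediately.</fieldset>';

    } else {
        // Record the failed confirmation so repeated attempts are visible in
        // the admin log.
        log_write('admin', $adminUser.' failed the password confirmation for a settings change', 'Incorrect password specified for user');

        // Carry the posted values over to the retry form. Names and values are
        // HTML-escaped because they come straight from the request; the
        // password itself and non-scalar fields are never echoed back.
        $hidden = '';
        foreach ($_POST as $key => $value) {
            if ((string)$key === 'password' || !is_scalar($value)) {
                continue;
            }
            $safeKey   = htmlspecialchars((string)$key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $safeValue = htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $hidden .= "<input type=\"hidden\" name=\"".$safeKey."\" value=\"".$safeValue."\" />\n";
        }
        echo <<<TLD
<form name="setup" method="post">
<fieldset>
	<table style='width: 100%; border: 0px; padding:0px' cellspacing='0' width="1113" height="71">
 	{$hidden}
		<tr>
			<td class='title'>Confirm your admin password:</td>
			<td class='content' colspan="2"><input type='password' class='sql_form' name='password'></td>
 			<td height="24">&nbsp;</td>
		</tr>
	</table>
	<b><font color="red">The password you typed was incorrect. Please try again</font></b><br />
	<input type="button" class="nButton" name="addUsr" onClick="javascript:SetCheckPass('admin/setup.php','POST');" value="Update settings" />
</fieldset></form><pre>
TLD;
        // Debug dump of the request. It is escaped and the password field is
        // dropped so neither markup nor the typed secret is reflected into the
        // page. NOTE(review): consider removing this dump in production.
        $debugDump = $_POST;
        unset($debugDump['password']);
        echo htmlspecialchars(print_r($debugDump, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '</pre>';
    }
} else {
	// No password was submitted: render the settings form (static markup only).
	echo <<<TLD
<form name="changSet" method="post">
								<fieldset>
        		 	                <legend>User Account Settings</legend>
        		 	                <table style='width: 100%; border: 0px; padding:0px' cellspacing='0' width="1113" height="71">
										<tr>
            		 	                    <td class='title'>Users can delete 
											files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="del"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false" name="del"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can 
											edit files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="edit"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false" name="edit"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can rename 
											files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="rename"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false"  name="rename"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can 
											copy files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="copy"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false" name="copy"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can 
											move files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="move"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false" name="move"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can upload 
											files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="upload"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false"  name="upload"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Confirm your admin password:</td>
            		 	                    <td class='content' colspan="2"><input type='password' class='sql_form' name='password'></td>
            		 	                	<td height="24">&nbsp;</td>
										</tr>
            		 	            </table>
	<b><font color="red">You failed to supply a password. Please try again</font></b><br />
<input type="button" class="nButton" name="addUsr" onClick="javascript:changeSet('admin/setup.php','POST');" value="Update settings" />
            		 	        </fieldset>
TLD;
}
?>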